Vulnerability Development mailing list archives

Re: slocate vulnerability


From: "Barry K. Nathan" <barryn () pobox com>
Date: Thu, 30 Jan 2003 03:50:46 -0800

On Wed, Jan 29, 2003 at 10:49:22PM +1000, Adam Gilmore wrote:
> Below is an advisory on a buffer overflow in slocate 2.6.1.  I can't
> replicate the same error in gdb as the advisory and I don't believe it's
> a buffer overflow at all.
[snip]

Here's what I'm getting on a Mandrake 9.0 box (running under a Connectix
Virtual PC for Windows 5.1 trial, FWIW):

(gdb) run -c `perl -e "print 'A' x 1024"` -r `perl -e "print 'A' x 1024"`
Starting program: /usr/bin/slocate -c `perl -e "print 'A' x 1024"` -r `perl -e "print 'A' x 1024"`
warning: slocate: could not open database: /var/lib/slocate/slocate.db: Permission denied
warning: You need to run the 'updatedb' command (as root) to create the database.
warning: slocate: decode_db(): ÀŠr@ÀŠr@ÈŠr@ÈŠr@Њr@Њr@ØŠr@ØŠr@àŠr@àŠr@èŠr@èŠr@ð directory
warning: You need to run the 'updatedb' command (as root) to create the database.
(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x40097b9b in strlen () from /lib/i686/libc.so.6
(gdb) bt
#0  0x40097b9b in strlen () from /lib/i686/libc.so.6
#1  0x4006aec0 in vfprintf () from /lib/i686/libc.so.6
#2  0x40088b94 in vsnprintf () from /lib/i686/libc.so.6
#3  0x0804ca07 in strcpy ()
#4  0x0804b5cf in strcpy ()
#5  0x0804bd99 in strcpy ()
#6  0x4003b082 in __libc_start_main () from /lib/i686/libc.so.6

If I just run it from the command prompt without going through gdb:

$ /usr/bin/slocate -c `perl -e "print 'A' x 1024"` -r `perl -e "print 'A' x 1024"`
warning: slocate: warning: database /var/lib/slocate/slocate.db' is more than 8 days old
Segmentation fault

-Barry K. Nathan <barryn () pobox com>
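The backtrace in the message above is worth reading carefully before calling the crash a strcpy overflow. Frame #0 is strlen, called from vfprintf/vsnprintf, which is where glibc measures a %s argument; frames #3 to #5 carry no "from" library and sit at 0x0804xxxx addresses, i.e. inside slocate's own text segment, so the "strcpy ()" label there is only the nearest symbol gdb could find in a stripped binary ("no debugging symbols found"), not a real call into libc's strcpy. The following script is an added triage helper, not part of this thread or of slocate; it parses the quoted backtrace (embedded as sample input), classifies each frame as library or executable using the i386 Linux non-PIE layout assumed in the comments, and reports the first frame that is actually slocate code plus the crash pattern the top frames indicate.

```python
import re

# Backtrace copied from the gdb session quoted in the message (sample input).
SAMPLE_BT = """\
#0  0x40097b9b in strlen () from /lib/i686/libc.so.6
#1  0x4006aec0 in vfprintf () from /lib/i686/libc.so.6
#2  0x40088b94 in vsnprintf () from /lib/i686/libc.so.6
#3  0x0804ca07 in strcpy ()
#4  0x0804b5cf in strcpy ()
#5  0x0804bd99 in strcpy ()
#6  0x4003b082 in __libc_start_main () from /lib/i686/libc.so.6
"""

FRAME_RE = re.compile(r"^#(\d+)\s+(0x[0-9a-f]+) in (\S+) \(\)(?: from (\S+))?$", re.I)

# Assumed layout of a non-PIE i386 Linux executable of that era: the main
# binary is mapped from 0x08048000, shared libraries far above it (~0x40000000).
EXE_LO, EXE_HI = 0x08048000, 0x10000000

# printf-family routines that call strlen() on every %s argument.
FORMAT_FUNCS = {"vfprintf", "vsnprintf", "vsprintf", "snprintf", "sprintf", "printf", "fprintf"}


def parse_backtrace(text):
    """Parse gdb 'bt' output into frame dicts; non-frame lines are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue
        idx, addr, sym, lib = m.groups()
        frames.append({"index": int(idx), "addr": int(addr, 16), "symbol": sym, "library": lib})
    return frames


def frame_origin(frame):
    """'library' if gdb named a shared object, 'executable' if the address is in the main binary."""
    if frame["library"] is not None:
        return "library"
    if EXE_LO <= frame["addr"] < EXE_HI:
        return "executable"
    return "unknown"


def triage(text):
    frames = parse_backtrace(text)
    if not frames:
        return {"verdict": "no frames parsed", "frames": []}
    top = frames[0]
    # Collect the run of library frames directly above the faulting frame.
    libc_callers = []
    for f in frames[1:]:
        if frame_origin(f) != "library":
            break
        libc_callers.append(f["symbol"])
    first_app = next((f for f in frames if frame_origin(f) == "executable"), None)
    # Executable frames with no 'from' library but a libc-looking name are a
    # stripped-binary artefact: gdb printed the nearest symbol it knew (usually a
    # PLT stub), so the name does not identify the real function.
    nearest_only = sorted({f["symbol"] for f in frames if frame_origin(f) == "executable"})
    if top["symbol"] == "strlen" and any(c in FORMAT_FUNCS for c in libc_callers):
        verdict = ("strlen faulted inside a printf-family call: a %s argument was not a "
                   "valid NUL-terminated string (bad pointer or unterminated buffer)")
    else:
        verdict = "no known pattern matched; inspect frame #0 and the first executable frame"
    return {"verdict": verdict, "top": top["symbol"], "libc_callers": libc_callers,
            "first_app_frame": first_app, "nearest_symbol_labels": nearest_only,
            "frames": frames}


if __name__ == "__main__":
    r = triage(SAMPLE_BT)
    print(r["verdict"])
    f = r["first_app_frame"]
    print("first frame in the program itself: #%d at 0x%08x (labelled '%s' by nearest symbol)"
          % (f["index"], f["addr"], f["symbol"]))
```

Run against the quoted backtrace it reports the fault as strlen under vfprintf/vsnprintf and points at frame #3 (0x0804ca07) as the first slocate frame, which is where one would set a breakpoint or disassemble to see which format call was reached; the address ranges are assumptions for that platform and should be replaced by the actual mappings from "info proc mappings" when triaging a different binary.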

